[Top] [All Lists]

Re: [ietf-smtp] why are we reinventing mta-sts ?

2019-10-07 08:46:28
In article 
<249ffeeb-44eb-b180-52e1-866e755c5cc1(_at_)network-heretics(_dot_)com> you 
And depending on DNSSEC probably does impair the ability of this to be 
deployed.   But if DoT can be used instead of DNSSEC, it seems to me 
that this might be easier to deploy than MTA-STS.

But DoT and DNSSEC are unrelated.  DNSSEC promises that the data you
got are the ones that the authoritative servers published, even though
someone might have snooped on the way.  DoT promises that nobody
snooped and the data you got are the ones that the resolver, which may
be lying, sent.

You can have either without the other.  If you want confidentiality
and integrity, you need both.


ietf-smtp mailing list